Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.24 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

org.eclipse.jgit: XXE vulnerability in Eclipse JGit

A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files...

RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.0.11 (RHSA-2025:22775)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22775 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release ...

EUVD-2025-15989

Malicious code in bioql PyPI...

CVE-2025-4949

In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity XXE...

CVE-2025-4949

In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity XXE...

CVE-2025-4949 XXE vulnerability in Eclipse JGit

In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity XXE...

CVE-2025-4949

In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity XXE...

PT-2025-22326

Name of the Vulnerable Software and Affected Versions Eclipse JGit versions 7.2.0.202503040940-r and older Description The ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol are vulnerable to XML External Entity...

jgit: arbitrary file overwrite

Arbitrary File Overwrite in Eclipse JGit = 6.6.0 In Eclipse JGit, all versions = 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

at.molindo:git-commit-id-plugin (=2.1.10-alpha-1), at.nonblocking:nonsnapshot-maven-plugin (=3.0.1) +4141 more potentially affected by CVE-2023-4759 via org.eclipse.jgit:org.eclipse.jgit (>=1.2.0.201112221803-r <=5.13.2.202306221912-r)

org.eclipse.jgit:org.eclipse.jgit MAVEN version =1.2.0.201112221803-r, =2.0.0, =2.0.4, =0.1.1, =0.1.1, =2.0.0, =0.0.1, =0.2.8, =1.5.6 - br.com.sabium.gradle-bump:br.com.sabium.gradle-bump.gradle.plugin =1.0.1 and more Source cves: CVE-2023-4759 Source advisory: OSV:GHSA-3P86-9955-H393...